Cloudflare is really after Zscaler these days, competing in SASE solution. Can anyone explain how those two SASE solutions have different architecture, and how sticky these architectures are respectively? I know Clouflare's SASE still miss many features but assuming they might catch up later, do they really have better architecture than Zscaler?

3.1k views1 Upvote4 Comments

Director of Network Transformation, Self-employed
I need to refrain from providing direct advice on SASE vendor comparisons as I work for one of the vendors in the space.  SASE is a large portfolio of solutions which encompasses a swath of network and security solutions.  Think strategic as you consider your journey.  

That said, do your due diligence as you would with any technology solution.  It comes down to what problem you are looking to solve - remote access, internet security and so on - and how each vendor solution fits your requirements.  Once you short list, make sure to test drive them.  Do several POCs.  What you will find is each option has strengths, weaknesses and approach the framework of SASE in their own way.  But as you do, keep in mind, SASE is a journey... thus my main point, think strategic.  It's not a point solution.  
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I would say its all about the fitment in your organisation; May be cloudflare's is missing some feature but if you dont need those for next 3yrs just avoid and go for it; Bcoz in next either they will build those feature or you will get a better technology handle your risk. 
Senior Director, Defense Programs in Software, 5,001 - 10,000 employees
These architectures are as sticky as you allow them to be. With the right planning, rollout can be smooth.

If you’re buying today, buy features delivered today vs a roadmap and plan to re-evaluate in a few years when both are more mature.
Director of Enablement, 501 - 1,000 employees
Great question, with a very interesting stance. I work for a SASE company (and literally wrote the book on the subject) - so happy to share my thoughts.

ZScaler is primarily an SSE player (security service edge), which is effectively SASE without good SD-WAN connectivity. They made their money through being a great SWG, and offering the fun of a proxy service to help secure internet traffic. Business was good, until SASE was coined, and then zScaler started to panic.

Cloudflare is in a similar situation, as moving from primarily being a CDN business to a SASE one is a fantastic leap. This is a much newer offering than zScaler (or the better SASE players out there), but it’s still very much an emergent technology with significant gaps in feature functionality.

If youre only looking at these two vendors for a SASE architecture, I would advise to continue looking further. Gartner recently launched their 2023 Magic Quadrant for single-vendor SASE, and neither Cloudflare or zScaler appears present at any time. This should be a very telling tale.

Both architectures are quite ‘sticky’ once deployed, but like anything, they can be replaced with a little bit of effort

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
40.7k views131 Upvotes319 Comments

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy10%



Insider threats – rogue admins19%

Encrypting my data51%

Deleting my backup copies11%

Resident malware8%

Data theft – data exfiltration11%



1.6k views1 Comment